Profile
Chief Privacy Officer & Privacy Senior Counsel Duties: Building a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of PHI, paper and/or electronic, across all media types. Working with Senior Management, Senior Counsel for Information Security, Chief Information Security Officer, and the Chief Compliance and Ethics Officer to establish governance for the organization’s privacy program covering the requirements of HIPAA, PCI, GLBA, other federal and state, EU and other applicable international privacy protection laws and regulations. Creating and overseeing the implementation of a contractual data rights and data lifecycle program with the applicable business units and sales contracting organizations to ensure the organization has the rights to de-identify and/or aggregate PHI in compliance with customer contracts, HIPAA and other applicable laws. Representing the privacy program with the Compliance Committee of the Board of Directors, including reporting of privacy metrics, investigations, trends, privacy incidents and strategy/recommendations to mitigate privacy risks. Collaborating with the Senior Counsel for Information Security and the Chief Information Security Officer to ensure alignment between security and privacy compliance programs including policies, practices and investigations for security and privacy risks. Collaborating with Public Affairs, and others in Legal & Compliance, to represent the organization’s information privacy interests with external parties (federal or state government bodies) which undertake to adopt or amend privacy legislation, regulations, or standards. Assisting the Business Units in assessing and balancing privacy needs and developing practical solutions to help ensure business unit compliance with privacy laws, regulations and standards.
Leading the Business Associate Program regarding drafting and negotiating Business Associate Agreements, and participating on customer or vendor calls when necessary to deal with escalated privacy issues in contract negotiations. Managing the organization’s data de-identification program, including the selection and monitoring of external statisticians, and working with compliance and others in Legal & Compliance to establish consistent and compliant de-identification standards, policies and procedures. Leading privacy related due diligence in M&A transactions. Maintaining current knowledge of federal, state and international privacy protection laws and regulations, and monitoring advancements in information privacy technologies to ensure organizational adaptation and compliance. PROCESS, POLICY AND TRAINING. Developing and delivering ongoing privacy training to team members and management. Initiating, facilitating and promoting activities to foster information privacy awareness within the organization and related entities. Serving as information privacy consultant to the Business Unit Attorneys, Business Unit Management and others in Legal & Compliance. Leading the organization’s compliance efforts for the EU Privacy Shield, GDPR, PIPEDA, and other applicable international privacy protection laws and regulations. Establishing and administering a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s privacy program and policies and procedures in coordination and collaboration with other similar functions. Drafting and updating the organization’s website, mobile application and other policies impacting privacy. Ensuring the organization’s privacy program and related privacy forms, policies, processes, standards, and procedures are up-to-date. RISK MITIGATION AND REPORTING. Leading HIPAA risk assessments in coordination with Senior Counsel for Information Security. 
Leading regular information privacy risk assessment/analysis, mitigation and remediation efforts in coordination with Senior Counsel for Information Security. Developing metrics and reporting on the effectiveness of the organization’s privacy program. Participating in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed. Performing initial and periodic information privacy risk assessments and conducting related ongoing compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions. Working with Senior Counsel for Information Security to review all system-related information security plans throughout the organization’s network to ensure alignment between security and privacy practices. Leading and executing information lifecycle inventory projects for high risk business processes. PRIVACY INCIDENTS, INVESTIGATIONS AND AUDITS. Managing, with the Business Unit compliance resources and others in Legal & Compliance, all required breach determination and notification processes under HIPAA and applicable state breach rules and requirements. Leading any compliance reviews or investigations of the organization by the Office of Civil Rights, other federal or state regulators, and other regulatory agencies. Performing required breach risk assessment, documentation, and mitigation; and working with Human Resources to ensure consistent application of sanctions for privacy violations. Leading and responding to client privacy audits and inquiries. Other duties as assigned. THE INDIVIDUAL. Size and complexity. Experience managing a team of at least 3 plus indirect staff across multiple geographies. Ability to navigate and work across multiple constituents to develop, communicate, and support a company’s short-term and long-term business objectives.
Functional and industry experience. Exceptional business acumen and solid financial skills. A demonstrated track record of being active as an innovative thought leader and business partner to executives across multiple business units. Understands and utilizes workforce analytics. Continuously establishes clear goals and uses data and metrics to achieve best in class results and business goals; strong track record of leading, managing, and improving people and processes. Growth and transformation. Proven experience and expertise in leading a large and complex organization through transformation from one of largely independent stand-alone business units to a more fully integrated and strategically aligned organization.
Qualification and Experience
Qualifications: JD Degree from an ABA accredited law school with excellent academic credentials; admission to practice in good standing as a member of a jurisdiction is required. 10 years of experience providing legal counsel to clients on complex privacy matters within a large company, not-for-profit organization, law firm, or government agency. Deep knowledge of and experience in HIPAA and other federal, state, and international privacy protection laws and regulations dealing with privacy incidents. Expertise in drafting and negotiating Business Associate Agreements. Excellent interpersonal skills with an ability to provide sound, clear legal advice to clients. Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals and efficiencies for legal support. Ability to manage simultaneous projects in an efficient and timely manner. Outstanding verbal and written communication skills, including presentation skills. Organizational savvy and notable business acumen dealing with risk management and compliance. Recommended privacy certification such as International Association of Privacy Professionals (IAPP), Healthcare Privacy and Security (CHPS) and/or other healthcare industry related credential.